AdaptiveWordBug: Generating adversarial texts with an adaptive scoring strategy against deep learning classifiers

Yunting Zhang; Lin Ye; Baisong Li; Hongli Zhang

doi:10.1016/j.neunet.2025.108262

AdaptiveWordBug: Generating adversarial texts with an adaptive scoring strategy against deep learning classifiers

Yunting Zhang
, Lin Ye^*
, Baisong Li
, Hongli Zhang

^*Corresponding author for this work

Harbin Institute of Technology
Antiy Labs

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

Deep learning models demonstrate vulnerability to textual adversarial attacks. Research on adversarial text generation methods contributes to the subsequent design of corresponding countermeasures. Current word-level adversarial text generation methods are typically designed in the framework based on word importance. In this framework, we need to score the importance of each word in a text with a scoring method and subsequently perturb these words in descending order of importance. However, current approaches typically employ a single model-dependent method to score the word importance during the scoring process. This scoring strategy often struggles to select important words comprehensively and accurately and may even fail when faced with some texts. To address this issue, we propose a black-box adversarial text generation method for text classification tasks in the framework based on word importance, named AdaptiveWordBug. AdaptiveWordBug introduces a new scoring strategy, Adaptive Scoring Strategy (ASS), which combines three model-dependent scoring approaches and one model-independent approach. Simultaneously, an adaptive parameter is assigned to each scoring method. Each parameter can be automatically adjusted for different texts. This scoring strategy has two advantages. On the one hand, it can comprehensively and accurately identify important words in any text, greatly enhancing the effectiveness of the generated adversarial texts. On the other hand, each scoring method in this strategy can be easily integrated or removed as a component. This allows simple adjustment of the scoring strategy for different target models, resulting in good suitability for various target models. In experiments conducted on Chinese text classification datasets, we employ the proposed AdaptiveWordBug to attack Chinese BERT and ChatGPT. The results demonstrate that, compared to baseline methods, AdaptiveWordBug exhibits superior attack effectiveness.

Original language	English
Article number	108262
Journal	Neural Networks
Volume	195
DOIs	https://doi.org/10.1016/j.neunet.2025.108262
State	Published - Mar 2026
Externally published	Yes

Keywords

Adversarial example
Deep neural network
Scoring method
Text classification
Textual adversarial attack

Access to Document

10.1016/j.neunet.2025.108262

Cite this

@article{69aa48fc5d494d2f86e9cac5974952e7,

title = "AdaptiveWordBug: Generating adversarial texts with an adaptive scoring strategy against deep learning classifiers",

abstract = "Deep learning models demonstrate vulnerability to textual adversarial attacks. Research on adversarial text generation methods contributes to the subsequent design of corresponding countermeasures. Current word-level adversarial text generation methods are typically designed in the framework based on word importance. In this framework, we need to score the importance of each word in a text with a scoring method and subsequently perturb these words in descending order of importance. However, current approaches typically employ a single model-dependent method to score the word importance during the scoring process. This scoring strategy often struggles to select important words comprehensively and accurately and may even fail when faced with some texts. To address this issue, we propose a black-box adversarial text generation method for text classification tasks in the framework based on word importance, named AdaptiveWordBug. AdaptiveWordBug introduces a new scoring strategy, Adaptive Scoring Strategy (ASS), which combines three model-dependent scoring approaches and one model-independent approach. Simultaneously, an adaptive parameter is assigned to each scoring method. Each parameter can be automatically adjusted for different texts. This scoring strategy has two advantages. On the one hand, it can comprehensively and accurately identify important words in any text, greatly enhancing the effectiveness of the generated adversarial texts. On the other hand, each scoring method in this strategy can be easily integrated or removed as a component. This allows simple adjustment of the scoring strategy for different target models, resulting in good suitability for various target models. In experiments conducted on Chinese text classification datasets, we employ the proposed AdaptiveWordBug to attack Chinese BERT and ChatGPT. The results demonstrate that, compared to baseline methods, AdaptiveWordBug exhibits superior attack effectiveness.",

keywords = "Adversarial example, Deep neural network, Scoring method, Text classification, Textual adversarial attack",

author = "Yunting Zhang and Lin Ye and Baisong Li and Hongli Zhang",

note = "Publisher Copyright: {\textcopyright} 2025 Elsevier Ltd",

year = "2026",

month = mar,

doi = "10.1016/j.neunet.2025.108262",

language = "英语",

volume = "195",

journal = "Neural Networks",

issn = "0893-6080",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - AdaptiveWordBug

T2 - Generating adversarial texts with an adaptive scoring strategy against deep learning classifiers

AU - Zhang, Yunting

AU - Ye, Lin

AU - Li, Baisong

AU - Zhang, Hongli

PY - 2026/3

Y1 - 2026/3

N2 - Deep learning models demonstrate vulnerability to textual adversarial attacks. Research on adversarial text generation methods contributes to the subsequent design of corresponding countermeasures. Current word-level adversarial text generation methods are typically designed in the framework based on word importance. In this framework, we need to score the importance of each word in a text with a scoring method and subsequently perturb these words in descending order of importance. However, current approaches typically employ a single model-dependent method to score the word importance during the scoring process. This scoring strategy often struggles to select important words comprehensively and accurately and may even fail when faced with some texts. To address this issue, we propose a black-box adversarial text generation method for text classification tasks in the framework based on word importance, named AdaptiveWordBug. AdaptiveWordBug introduces a new scoring strategy, Adaptive Scoring Strategy (ASS), which combines three model-dependent scoring approaches and one model-independent approach. Simultaneously, an adaptive parameter is assigned to each scoring method. Each parameter can be automatically adjusted for different texts. This scoring strategy has two advantages. On the one hand, it can comprehensively and accurately identify important words in any text, greatly enhancing the effectiveness of the generated adversarial texts. On the other hand, each scoring method in this strategy can be easily integrated or removed as a component. This allows simple adjustment of the scoring strategy for different target models, resulting in good suitability for various target models. In experiments conducted on Chinese text classification datasets, we employ the proposed AdaptiveWordBug to attack Chinese BERT and ChatGPT. The results demonstrate that, compared to baseline methods, AdaptiveWordBug exhibits superior attack effectiveness.

AB - Deep learning models demonstrate vulnerability to textual adversarial attacks. Research on adversarial text generation methods contributes to the subsequent design of corresponding countermeasures. Current word-level adversarial text generation methods are typically designed in the framework based on word importance. In this framework, we need to score the importance of each word in a text with a scoring method and subsequently perturb these words in descending order of importance. However, current approaches typically employ a single model-dependent method to score the word importance during the scoring process. This scoring strategy often struggles to select important words comprehensively and accurately and may even fail when faced with some texts. To address this issue, we propose a black-box adversarial text generation method for text classification tasks in the framework based on word importance, named AdaptiveWordBug. AdaptiveWordBug introduces a new scoring strategy, Adaptive Scoring Strategy (ASS), which combines three model-dependent scoring approaches and one model-independent approach. Simultaneously, an adaptive parameter is assigned to each scoring method. Each parameter can be automatically adjusted for different texts. This scoring strategy has two advantages. On the one hand, it can comprehensively and accurately identify important words in any text, greatly enhancing the effectiveness of the generated adversarial texts. On the other hand, each scoring method in this strategy can be easily integrated or removed as a component. This allows simple adjustment of the scoring strategy for different target models, resulting in good suitability for various target models. In experiments conducted on Chinese text classification datasets, we employ the proposed AdaptiveWordBug to attack Chinese BERT and ChatGPT. The results demonstrate that, compared to baseline methods, AdaptiveWordBug exhibits superior attack effectiveness.

KW - Adversarial example

KW - Deep neural network

KW - Scoring method

KW - Text classification

KW - Textual adversarial attack

UR - https://www.scopus.com/pages/publications/105020921640

U2 - 10.1016/j.neunet.2025.108262

DO - 10.1016/j.neunet.2025.108262

M3 - 文章

C2 - 41205356

AN - SCOPUS:105020921640

SN - 0893-6080

VL - 195

JO - Neural Networks

JF - Neural Networks

M1 - 108262

ER -

AdaptiveWordBug: Generating adversarial texts with an adaptive scoring strategy against deep learning classifiers

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this